Topic 2 Question 1
The JencoMart security team requires that all Google Cloud Platform infrastructure is deployed using a least privilege model with separation of duties for administration between production and development resources. What Google domain and project structure should you recommend?
A. Create two G Suite accounts to manage users: one for development/test/staging and one for production. Each account should contain one project for every application
B. Create two G Suite accounts to manage users: one with a single project for all development applications and one with a single project for all production applications
C. Create a single G Suite account to manage users with each stage of each application in its own project
D. Create a single G Suite account to manage users with one project for the development/test/staging environment and one project for the production environment
Explanation
Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need.

Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.

Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

Reference: https://cloud.google.com/kms/docs/separation-of-duties
Comments (17)
Here are the correct answers: https://cloud.google.com/resource-manager/docs/creating-managing-folders Refer to the diagram on top, different envs are created at the project level.
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations "A general recommendation is to have one project per application per environment. For example, if you have two applications, "app1" and "app2", each with a development and production environment, you would have four projects: app1-dev, app1-prod, app2-dev, app2-prod. This isolates the environments from each other, so changes to the development project do not accidentally impact production, and gives you better access control, since you can (for example) grant all developers access to development projects but restrict production access to your CI/CD pipeline."
The answer is C.
👍 49 Anjoy 2020/10/11
I think C follows Google's best practice?
👍 14 aadaisme 2020/04/30
This case study is deprecated, you (admin) should remove this content.
👍 9 JohnnyBG 2022/08/07
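
A check for the layout quoted in the comments above (one project per application per environment, developers in development, production limited to CI/CD), as an added example that is not part of the original page. The project ids, principals and the `<app>-<env>` naming convention are constructed assumptions, and the bindings are a simplified role-to-members map rather than live IAM policy output.

```python
from collections import defaultdict

ENVIRONMENTS = {"dev", "test", "staging", "prod"}
PRIVILEGED = {"roles/owner", "roles/editor"}  # basic roles that can change resources

# Constructed sample (hypothetical names): project id -> {role: [members]}.
SAMPLE = {
    "app1-dev": {"roles/editor": ["group:developers@example.com"]},
    "app1-prod": {"roles/editor": ["serviceAccount:cicd@app1-prod.iam.gserviceaccount.com"]},
    "app2-dev": {"roles/owner": ["user:alice@example.com"],
                 "roles/editor": ["group:developers@example.com"]},
    "app2-prod": {"roles/owner": ["user:alice@example.com"],
                  "roles/viewer": ["group:developers@example.com"]},
    "shared": {"roles/editor": ["group:developers@example.com"]},
}

def split_project(project_id):
    """Return (app, env) for an '<app>-<env>' project id, or None."""
    app, sep, env = project_id.rpartition("-")
    return (app, env) if sep and app and env in ENVIRONMENTS else None

def audit(policies):
    """Return sorted findings that break least privilege or separation of duties."""
    findings = []
    envs_by_member = defaultdict(set)
    for project, bindings in policies.items():
        parsed = split_project(project)
        if parsed is None:
            # A project shared across applications or stages cannot be isolated.
            findings.append(f"{project}: not scoped to one application and environment")
            continue
        _, env = parsed
        for role, members in bindings.items():
            if role not in PRIVILEGED:
                continue
            for member in members:
                envs_by_member[member].add("prod" if env == "prod" else "non-prod")
                # Production write access is expected to belong to CI/CD only.
                if env == "prod" and not member.startswith("serviceAccount:"):
                    findings.append(f"{project}: human principal {member} holds {role}")
    for member, envs in envs_by_member.items():
        if len(envs) == 2:  # same principal administers both sides
            findings.append(f"{member}: privileged in both production and non-production")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```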